[webapps] WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download

1 year ago

source link: https://www.exploit-db.com/exploits/50992
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download

EDB-ID:

50992

2022-2551

EDB Verified:

Exploit:

Platform:

PHP

Date:

2022-08-01

Vulnerable App:

# Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
# Google Dork: N/A
# Date: 07.27.2022
# Exploit Author: SecuriTrust
# Vendor Homepage: https://snapcreek.com/
# Software Link: https://wordpress.org/plugins/duplicator/
# Version: < 1.4.7
# Tested on: Linux, Windows
# CVE : CVE-2022-2551
# Reference: https://securitrust.fr
# Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551

#Product:
WordPress Plugin Duplicator < 1.4.7

#Vulnerability:
1-It allows an attacker to download the backup file.

#Proof-Of-Concept:
1-Backup download.
The backup file can be downloaded using the "is_daws" parameter.
http://[PATH]/backups-dup-lite/dup-installer/main.installer.php

Copy

Recommend

[webapps] WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download

WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download

EDB-ID:

50992

2022-2551

Platform:

PHP

Date:

2022-08-01

Recommend

The Importance of Link Building in SEO and How You Can Get It Right

How to Weather the ‘Midlife Happiness Dip’

Chat GPT: What Does AI Know About Architecture | A Brief Chat

[remote] Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)

I Think AI Would Kill my Wife

【计算机视觉】OpenCV 4高级编程与项目实战（Python版）【5】：使用NumPy创建黑白同心...

给数千员工低于标准的绩效评级，Meta下一轮裁员在路上

ChatGPT背后的经济账

[local] Blink1Control2 2.2.7 - Weak Password Encryption

[webapps] CVAT 2.0 - Server Side Request Forgery

About Joyk